A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Thursday, 12 January 2012

SmartPhone App Security Advice

Smartphones really are a fraudster’s paradise, there are so many opportunities for fraudsters to monetise from them. From Rogue Malicious Apps sending premium rate text messages costing up to £6 a text, to stealing the personal information and passwords held on them. And there are even further fraud opportunities with smarphones being increasingly used for making Payments and with Online Banking. These factors together with a general smartphone user security naivety, are a major incentive for the bad guys to target these little handheld cash cows.

Rogue Smartphone AppsMost malicious or "Rogue" Smartphone Apps are Trojan Apps. A Trojan App can look very professional within the AppStore and once downloaded may well operate as expected and serve the purpose you wanted it for. However once downloaded and used, a Trojan App will perform malicious operations without your knowledge in the background. So the App may well be an entertaining game you play, but as you play the App sends premium rate text messages, suppressing all text message notifications on your phone, so you don't know its happening. The monetisation of the scam is the text messages are going to a premium rate line operated by the fraudsters, costing you £3 each time the App texts. You may not find out until your mobile phone company gets in contact or you clock very high text message costs on your bill. Of course by this time the bad guys will have cashed out and closed the text line.

Rogue Trojan Smarphone Apps can potentiallyappear within any of the major AppStores, whether it is operated by Apple (iPhone), RIM (Blackberry), Microsoft (Windows 7) or Google (Android). Most of these suppliers do perform security testing against Apps for malicious elements before allowing them to be placed in their AppStores. However it is fair to say the majority of rogue Apps have appeared on Google's Android, with Google removing 27 Rogue Apps just last month (Dec 11). http://www.bbc.co.uk/news/technology-16177013.

Given the 100,000s Apps in AppStores today, and the 1,000s of new Apps which are released every week, there is always the potential new rogue Apps could slip through any of these smartphone heavyweights AppStore security nets, therefore user vigilance is necessary.

5 Steps to Protect Against Rogue Apps

1. Be sure to update your Smartphone (operating system) software as often as possible. These updates often add security features and resolve security vulnerabilities, which can prevent Rogue Apps successfully operating.

2. Before downloading a new App, check and read through the reviews of the App. If the App is dodgy and has been around for a while, no doubt someone will have complained and added a warning in a review.

3. Be careful when allowing an App access to functions and information on your smartphone. Most smartphones have a security feature built in which requires the user to agree to provide an App with access to the various smartphone functions. For instance it doesn't bode well if an App is requesting permission to access your phone book when it is just a game. Don't blindly tap yes on such requests, always ask yourself whether the App really needs the function or information it is asking for, in order for it to work.

4. Rogue Trojan Apps perform functions in the background. These functions can have a great impact on your smartphone's performance and battery life. So if your battery is draining much quicker than usual, or your phone is becoming more sluggish following the installation of a new App, be suspicious.

5. Check your mobile bill regularly. Typically most rogue Apps in the UK today, secretly send text messages to premium rate lines, therefore it is prudent to check your phone bill for any unusual or unexpected charges. Make it a habit to check your bill at least once a month or straight away if you suspect something is amiss.

Every time that a popular cellphone company launch new units I always ask myself if it’s safe or not because I am aware that smartphones are fraudster’s paradise. I know a few apps that can hack user’s personal information without noticing it so I always avoid downloading free apps. Victims should seek help from serious crime lawyers so that they can avoid it from happening again.

About Me

ShareThis

Disclaimer

This is a personal website, all views or opinions represented in this blog are personal to Dave Whitelegg and guest bloggers that post, and do not represent the views or opinions of any business or organisation. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information.

All original content copyright David Whitelegg 2007-2016. You may not use any original content with. Awesome Inc. template. Powered by Blogger.